Connected devices, also known as Internet of Things (IoT) devices, are expected to reach approximately 50 billion connected devices by 2020, according to reports from Gartner (available at http://www.gartner.com/newsroom/id/3165317) and Cisco (available at http://www.cisco.com/c/en/us/solutions/internet-of-things/overview.html?). This huge number of connected devices will potentially increase network attacks and put users' privacy at risk.
The security risks associated with connected devices may range from merely obtaining data about the user's devices, such as the user's home temperature, without the user's consent (best or "minimal risk" scenario) to obtaining sensitive information about the user's life and habits to be used against him/her (worst or "maximum risk" scenario).
Another critical scenario involves devices that control other things (objects, devices), like thermostats, lights, door locks, garage doors, pet feeders, alarm systems or any other actuator that could be remotely controlled by the attacker. This could be used to damage the user's property or even to gain easy access to the user's home.
The OWASP (Open Web Application Security Project) IoT Security Project (available online at https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project) published the top 10 security vulnerabilities found in Internet of Things devices in 2014. The list includes critical issues such as Insufficient Authentication/Authorization, Lack of Transport Encryption, Insufficient Security Configurability and Poor Physical Security.
Therefore, there is a clear need to prevent, minimize or avoid these security vulnerabilities. Solutions with strong security features enable users to protect themselves against attacks and ensure that their data is not analyzed or controlled by others without prior authorization. This will be a key feature in the rising IoT market and could drive sales based on how strong the security of the connected devices is.
Additionally, there is an important aspect to be considered: the "trade-off" between security and usability. As some studies indicate (for example, see the document "Security and Usability: Analysis and Evaluation", available online at http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.162.374&rep=rep1&type=pdf), usability and security are often at odds. Most of the time, the easier a system is to use, the less secure it is likely to be. For illustration, take the authentication task as an example. Imagine that there is no authentication procedure (login) for a user to check his/her email (or to authenticate to any system). It would be extremely easy for the user (i.e., a high degree of usability), but it would be extremely unsafe (little or no degree of security). On the other hand, imagine that in order to access his/her email (or to authenticate to any system) the user has to type in a password, decipher a visually scrambled code and then type in a one-time password (OTP) sent by SMS to his/her smartphone. It would provide a very safe authentication system (i.e., a high degree of security), but such a system would be very difficult to use (low degree of usability).
Therefore, there is a need to provide secure and easy-to-use solutions for the IoT market. This is one of the main objectives of the present invention.
The method of the present invention is well positioned to become an international standard, given the huge market opportunities of the Internet of Things and the investments in developing technologies and services. This invention will add great value to IoT solutions with a short time to market.
In the current state of the art, we have found solutions that enable the connected device to act as a Wi-Fi hotspot, using the 802.11x standard, so that a smartphone or any other Wi-Fi-capable device or computer can connect directly to it and, through an embedded web page or an installed application, configure the device with the router credentials and many other configuration options.
Additionally, some technologies use a specific router with preconfigured authentication credentials and security keys, in order to connect devices directly into the network or to make them visible for the discovery and broadcast process for new devices in the network. This router is also connected by a wired connection to the internet router. This specific router does not connect to the internet directly, so two routers are required in the network.
The main problem with broadcast discovery is that the device keeps consuming energy and processing power until the pairing process is completed. This means that if the user does not configure the device, this broadcasting will consume energy without any benefit for the user.
From a security perspective, some of the current technologies use factory security keys (default, standard, preconfigured) and passwords that are shared by all devices. These add a security risk/vulnerability when the user keeps the factory settings or, in some cases, when the device does not provide the ability to change the keys or passwords at all.
In this scenario, a solution is needed that can be used easily to configure all credentials and keys in a secure environment, without relying on factory settings, and that allows each user to have a specific security key.
Intel published a presentation on Jun. 3, 2016 [Intel: https://www.youtube.com/watch?v=pQwh-rRKDg0] that shows a process using NFC passive tags/stickers and NFC adapters to provide provisioning information about the connected device to a provisioning device, which in turn transmits this provisioning information to the cloud service. In this case, the connected device does not receive any information from the provisioning device and appears to be read-only.
In addition, a second method is presented using an NFC adapter embedded in the device that reads the information from the provisioning device. In this case, the provisioning device acts as an NFC tag to provide the provisioning information to the device, and the device must be turned on, since the NFC adapter does not harvest power from the provisioning device.
The Intel presentation is based on methods and protocols for provisioning the device by using an NFC tag or adapter to provide information to the cloud, and the configuration is unchangeable. Anyone with an NFC reader could read this information.
In terms of usability, the Intel method using NFC tags needs two NFC tapping steps to complete the configuration when using the router NFC, or only one when using the router's on-board NFC tool or the NFC adapter embedded in the device.
The table below shows the differences between the Intel method and the present invention:
Feature: Is the NFC tag read and write protected?
Difference: The Intel solution does not mention whether the tag is protected. The present solution must verify the device authenticity before writing on the NFC tag.

Feature: Can the device be configured even if it is turned off?
Difference: The Intel solution requires the device to be turned on. The present solution can configure the device even if it is turned off.

Feature: Is the device radio transceiver off before it is configured?
Difference: In the Intel solution the radio is always on. The present solution only powers on the radio after the configuration.

Feature: Is the configuration protected from NFC tag reading?
Difference: The Intel solution provides the keys and configuration on the NFC tag. The present solution receives the keys and credentials from the configuration device.

Feature: Is the configuration encrypted?
Difference: The Intel solution does not mention whether the configuration is encrypted on the NFC tag. The present solution encrypts the configuration in the internal memory.

Feature: Could the configuration be done offline?
Difference: The Intel solution uses a cloud-based service to do the configuration processing. The present solution also uses the cloud to validate the device, but the configuration can be done offline, provided there has been at least one successful login to the cloud service.*

Feature: Does the method resist an eavesdropping attack during configuration?
Difference: Both solutions can resist an eavesdropping attack.

Feature: Does the method verify the device authenticity?
Difference: The Intel solution mentions device ownership but does not verify the device authenticity. The present solution implements this verification before sending the configuration.

* The configuration device application needs at least one valid login to get the credentials from the cloud.
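To make the properties in the comparison table concrete, the following is an added illustrative model written for this text; it is not code from the patent or from Intel, and the patent does not specify how authenticity is proven or how the stored configuration is encrypted. The model assumes a per-device secret shared with the cloud service and uses an HMAC challenge-response for the authenticity check, an HMAC-SHA256 counter-mode keystream as a stand-in for a real authenticated cipher, and constructed sample credentials. It shows four of the table's properties: the configurator refuses to write anything to a device that fails the authenticity check, the configuration is held in the device's internal memory only in encrypted form, the radio is enabled only after a configuration has been accepted, and provisioning works without the cloud once the configurator has completed one successful login.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data (assumption): a per-device secret known only to the device and
# the cloud service, and a sample configuration the user wants to push over NFC.
DEVICE_ID = "dev-0001"
DEVICE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")
WIFI_CONFIG = {"ssid": "home-net", "psk": "constructed-wifi-password", "cloud_token": "tok-123"}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stand-in for an AEAD cipher (illustration only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class CloudService:
    """Stand-in cloud service: checks a user login and returns the device secrets it knows."""

    def __init__(self):
        self._device_secrets = {DEVICE_ID: DEVICE_SECRET}
        self._users = {"alice": "constructed-password"}

    def login(self, user: str, password: str):
        if self._users.get(user) != password:
            return None
        return {"user": user, "device_secrets": dict(self._device_secrets)}


class Device:
    """Connected device: radio stays off until configured; configuration is encrypted at rest."""

    def __init__(self, device_id: str, secret: bytes):
        self.device_id = device_id
        self._secret = secret
        self.radio_on = False
        self._storage_key = secrets.token_bytes(32)  # key kept in internal memory
        self._stored = None  # (nonce, ciphertext) once configured

    def respond(self, challenge: bytes) -> bytes:
        """Prove authenticity by MACing the configurator's challenge with the device secret."""
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

    def receive_config(self, config: dict) -> None:
        """Store the configuration encrypted, then (and only then) power on the radio."""
        plaintext = json.dumps(config).encode()
        nonce = secrets.token_bytes(16)
        ks = _keystream(self._storage_key, nonce, len(plaintext))
        self._stored = (nonce, bytes(a ^ b for a, b in zip(plaintext, ks)))
        self.radio_on = True

    def stored_bytes(self) -> bytes:
        """What an attacker reading the internal memory would see."""
        return b"" if self._stored is None else self._stored[1]

    def load_config(self) -> dict:
        nonce, ct = self._stored
        ks = _keystream(self._storage_key, nonce, len(ct))
        return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))


class ConfiguratorApp:
    """Phone app: caches cloud credentials after one login so later provisioning can run offline."""

    def __init__(self):
        self._cache = None

    def login(self, cloud: CloudService, user: str, password: str) -> bool:
        self._cache = cloud.login(user, password)
        return self._cache is not None

    def provision(self, device: Device, config: dict) -> bool:
        """Verify device authenticity before writing; on failure nothing is sent."""
        if self._cache is None:
            return False  # at least one valid login is required (table footnote)
        expected_secret = self._cache["device_secrets"].get(device.device_id)
        if expected_secret is None:
            return False
        challenge = secrets.token_bytes(16)
        expected = hmac.new(expected_secret, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, device.respond(challenge)):
            return False  # unknown or counterfeit device: configuration is never written
        device.receive_config(config)  # cloud is not consulted here, so this works offline
        return True
```

A device that cannot answer the challenge (for example, a counterfeit carrying the wrong secret) is never handed the Wi-Fi and cloud credentials and its radio stays off, which is the ordering the table describes: authenticity first, then configuration, then radio power.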
The Intel method uses the Web NFC (https://w3c.github.io/web-nfc/) specification, which is not a standard, for the messaging-layer exchange. On the other hand, the method proposed by the present invention does not cover or specify the messaging protocol layer and can transparently use any messaging protocol, public or private.
Microsoft's provisioning at startup uses an XML file that is consumed only once during the startup process, or again after a complete device wipe. This method uses an SD card containing the provisioning file, which is manually added to the memory root directory.
Chinese Patent document CN103916297A, published on Jul. 9, 2014, entitled "Internet of things household appliance, system, wireless intelligent terminal and data transmission and configuration method", describes a method to configure home appliances using two NFC apparatuses to list the available networks to which the appliances could be connected. The Chinese Patent document CN103916297A does not cover some security aspects that are key features of the present invention, such as configuring the cryptographic credentials and keeping the wireless radio off until a successful configuration. The Chinese document also does not cover methods to verify the device authenticity and ownership.
U.S. Pat. No. 7,970,350B2, published on Jun. 28, 2011, entitled "Devices and methods for content sharing", describes a method to share content between two or more devices using NFC, including the Wi-Fi credentials. Like the Chinese document cited above, this patent also does not cover some security aspects that are key features of the present invention, including wireless radio control, device authenticity verification and device ownership. U.S. Pat. No. 7,970,350B2 also does not disclose how the sensitive data is stored in the device after the transmission over NFC (which could still be an attack vector that reduces the security of the solution).
International application WO2015089318, published on Jun. 18, 2015, entitled "Secure Communication Channel", describes a method for a secure channel between two devices that grants an association between the devices and the users, for each device. The method describes a first communication from the device to the server over a secure channel and then a second communication from the server with the cryptographic key associated with that specific device. According to said international application, the device needs to connect to the server in order to exchange the cryptographic key, and this scenario does not cover any other configuration, such as the Wi-Fi or cloud service credentials.